develooper Front page | perl.perl5.changes | Postings from April 2020

[Perl/perl5] 91f4f4: regcomp.c: Look before leaping; check beforealloc

From:
Karl Williamson
Date:
April 2, 2020 04:03
Subject:
[Perl/perl5] 91f4f4: regcomp.c: Look before leaping; check beforealloc
Message ID:
Perl/perl5/push/refs/heads/smoke-me/khw-parno/000000-60fd8d@github.com
  Branch: refs/heads/smoke-me/khw-parno
  Home:   https://github.com/Perl/perl5
  Commit: 91f4f42b81de2c638b8a4ab3dc93a38bc22f1379
      https://github.com/Perl/perl5/commit/91f4f42b81de2c638b8a4ab3dc93a38bc22f1379
  Author: Karl Williamson <khw@cpan.org>
  Date:   2020-04-01 (Wed, 01 Apr 2020)

  Changed paths:
    M regcomp.c

  Log Message:
  -----------
  regcomp.c: Look before leaping; check before alloc

This moves the allocation of a new regnode to just after the check that
the contents are ok, instead of just before.


  Commit: 60fd8d3e2363be430bb0e0984fdf80a2688523c8
      https://github.com/Perl/perl5/commit/60fd8d3e2363be430bb0e0984fdf80a2688523c8
  Author: Karl Williamson <khw@cpan.org>
  Date:   2020-04-01 (Wed, 01 Apr 2020)

  Changed paths:
    M regcomp.c
    M t/re/pat_advanced.t

  Log Message:
  -----------
  regcomp.c: Avoid overflow, segfault in (?+PARNO)

This adds a check and dies gracefully instead of overflowing before
performing an addition.  Instead of inventing a new error message, it
just re-uses the existing "non-existent group" one.

I did not dig deep enough to really understand the nuances of this code;
otherwise I would have added more comments.  But I did try to keep the
old behavior exactly, except for the overflow check.  The one deviation
I'm aware of is that if paren is a '+', the code will claim overflow
when in fact it is 1 away from overflowing.  I didn't think that
important enough to preserve.

This fixes GH #17593


Compare: https://github.com/Perl/perl5/compare/91f4f42b81de%5E...60fd8d3e2363



nntp.perl.org: Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at ask@perl.org | Group listing | About